mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License

passport-jwt doesn't respect token expiry #216

Closed yeasir01 closed 3 years ago

yeasir01 commented 3 years ago

I implemented the passport-jwt strategy the other day & noticed that it does not respect the expiry date/time. I set the token to expire in 3 seconds and the token still gave me access to my node app after 24 hours. I checked the token on jwt.io and confirmed that the expiry time is set correctly, with no resolution.

I know passport is configured correctly because it returns 'unauthorized' if I supply an invalid or missing token.

Here is a generated token for reference; for this example I changed the expiresIn to 30 sec.

```json
{
  "success": true,
  "message": "You've Successfully Logged in!",
  "token": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZjU1YWY5MWVmYzJmODA3NmM0ZjZiMTIiLCJpYXQiOjE1OTk1MDEzMjc4NTgsImV4cCI6MTU5OTUwMTMyNzg4OH0.L2uO0J5dMnecvMbYAsbwarXgCEx_b68kBGymno5mGBBfOEND4ocHarVnO3fDF10u2GcrIv3NsUCvImUp_LqBVJAOmOyC13KRHA-fKjoJfE1DIuFzEuSVzQJ5nUIL_WxW1tfplzq0_V4IXe_gnSg9v5tRdp0YRs0PT4zXcJ5pzhzNRDitbUSS1C_rW_ZYWAgBbARyW4aXBlZO7-KnNu6xckFfbGU3qTrpaTL7yCITZeiiayJ2HaPZGkNDzWYpmiQZzar1XGDeV4z_dk-0O3R_mFK3QgkfLfYv5-SEdbdvCKXqrsGOAYjfexWgFI2INtV38Y-Wx3102YtveeSVt2JvssHwEsAC9wKCIpjNB8vljq_B0WAtAQqbl6wL_vOJ4hEVLNqW8Qe89_GnOD2wHpF4e4djpS0eIykYPZbia3yPjrrKaILjbZhwv-ELEx6_-ZI7Qu5gyq-22h3gCDSc0mL44Da5cRYMtW0fiS6l1_NXq7okmgkRMGHMVElW52ItQdCeiNiiTwYereyne6Dr96vG0Cs29NizEPcI2q5JMZDtc4d2bIPOuzjJs5a1T6oRr4xCRtgVdrbsFDO1_oCrG4ppVAgMl0OykFEa69qlU9b3Q5S3IfMAFCR-AxTCzr_YRLOE0wcNOvS9YiLszPgzIDfF9nbKpgVcbtfX6pItML_fsqQ",
  "expires": 30
}
```

yeasir01 commented 3 years ago

Found a solution. When generating a token the payload iat must be in milliseconds.

Here's what worked for me in case someone else gets stuck.

```javascript
// Date.now is a function and must be called: Date.now() returns milliseconds,
// so dividing by 1000 yields the seconds-based NumericDate that JWT claims use.
const payload = { iat: Math.floor(Date.now() / 1000), sub: user._id };
```